This Privacy Statement will be discussed in our initial session.
In accordance with United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, I take your privacy seriously. I am also registered with the Information Commissioners Office (ICO).
The following explains what data I keep, why I need to keep data, and how I handle your data:
Name and age – This is necessary basic information that helps me to get to know you.
Address, email address, and phone number – I require this so I can contact you regarding sessions. However, whichever your preferred method of communication, I will primarily use this method to contact you. If, however, I am unable to reach you via your preferred method of communication, I will try an alternative method of contact already given.
General practitioner details – If I become worried that you are at risk, then I may need to contact your general practitioner or emergency services, which I will inform you about before doing so.
Session notes – I do keep brief notes of our sessions, which are kept anonymised, in accordance to my indemnity insurance and professional governing body of the British Association for Counselling and Psychotherapy (BACP).
Next of Kin – I keep this in case of an emergency, and only an emergency.
Personal data sharing
It is unlikely that I will need to share your data. I will not sell it on or use it for unethical purposes. However, I may have to share personal data if my notes are subpoenaed by a court of law. If you or anyone you disclose to me is at risk of harm, I may have to pass this information on to the appropriate emergency services, as well as your general practitioner or social care team. You do have a right to access notes written about yourself. I have regular supervision where I discuss my client work, however I always keep client identities anonymous.
Storage of data
All personal data is stored electronically and nothing is left on paper. Your contact details, signed contracts, and session notes are stored on a password protected file on a password protected USB, which only I have access to. Your name is kept abbreviated to avoid identification.
Your phone number is stored in my mobile phone with your first name added as a contact. This will be deleted approximately one month after our work ends.
If your main way of contacting me is via email, your email address will be stored on my work email account. Both my mobile and computer are password protected.
Withholding data and data disposal
I keep your name, session notes, and unique code for up to 7 years, these are held on a password protected file on a USB, which only I have access to - As recommended by my insurance company and professional governing body of the BACP. After seven years, the files on this device will be deleted and the USB itself will be manually destroyed with no trace of your details contained within it.
After one month after our work finishes, I will shred your personal information ensuring it is illegible. I will also delete your phone number from my mobile phone along with your stored email address.